Towards Automatic Detection of Nonfunctional Sensitive Transmissions in Mobile Applications

Hao Fu, Pengfei Hu, Zizhan Zheng, Aveek K. Das, Parth H. Pathak, Tianbo Gu, Sencun Zhu, Prasant Mohapatra

Research output: Contribution to journalArticlepeer-review

10 Scopus citations

Abstract

While mobile apps often need to transmit sensitive information out to support various functionalities, they may also abuse the privilege by leaking the data to unauthorized third parties. This makes us question: Is the given transmission required to fulfill the app functionality? In this paper, we make the first attempt to automatically identify suspicious transmissions from app visual interfaces, including app names, descriptions, and user interfaces. We design and implement a novel framework called FlowIntent to detect nonfunctional transmissions at both software and network levels. During the exercising of the given apps, FlowIntent automatically detects privacy-sharing transmissions and determines their purposes by utilizing the fact that mobile users rely on visible app interface to perceive the functionality of the app at certain context. The characterizations of nonfunctional network traffic are then summarized to provide network level protection. FlowIntent not only reduces the false alarms caused by traditional taint analysis, but also captures the sensitive transmissions missed by widely-used taint analysis system TaintDroid. Evaluation using 2125 sharing flows collected from more than a thousand running instances shows that our approach achieves about 94 percent accuracy in detecting nonfunctional transmissions.

Original languageEnglish (US)
Article number9086060
Pages (from-to)3066-3080
Number of pages15
JournalIEEE Transactions on Mobile Computing
Volume20
Issue number10
DOIs
StatePublished - Oct 1 2021

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Towards Automatic Detection of Nonfunctional Sensitive Transmissions in Mobile Applications'. Together they form a unique fingerprint.

Cite this